cleantalk
Vulnerabilities and Security Researches

Serial Codes Generator and Validator with WooCommerce Support, ba6efb0a623380b705452ba37eb8f74b11aae946

CVE, Research URL

ba6efb0a623380b705452ba37eb8f74b11aae946

Home page URL

Security reports for Serial Codes Generator and Validator with WooCommerce Support

Application

Serial Codes Generator and Validator with WooCommerce Support

Published on
Aug 17, 2023
Research Description
Serial Codes Generator and Validator with WooCommerce Support [serial-codes-generator-and-validator] < 2.4.15 Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting The Serial Codes Generator and Validator with WooCommerce Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data[codes]' parameter saved through the sngmbhSerialcodesValidator_executeAdminSettings AJAX action in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.4.15.
Status
vulnerable
Previous vulnerability researches
Serial Codes Generator and Validator with WooCommerce Support (CVE-2025-30854) , Apr 03, 2025
Serial Codes Generator and Validator with WooCommerce Support (CVE-2023-4376) , Jun 07, 2024
Serial Codes Generator and Validator with WooCommerce Support (ba6efb0a623380b705452ba37eb8f74b11aae946) , Jun 07, 2024
New vulnerability
Woo Product Feed For Marketing Channels (CVE-2025-31377) , Apr 10, 2025
Easy custom css by webriti (CVE-2025-31395) , Apr 10, 2025
Checkout Mestres WP (CVE-2025-32695) , Apr 10, 2025
Request Call Back (CVE-2025-32483) , Apr 10, 2025
QR Master (CVE-2025-32116) , Apr 10, 2025